package com.sap.cloud.sdk.cloudplatform.connectivity;

import com.sap.cloud.sdk.cloudplatform.exception.CloudPlatformException;
import io.vavr.control.Option;
import io.vavr.control.Try;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.lang.invoke.SerializedLambda;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.time.Duration;
import java.util.Objects;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.net.ssl.SSLContext;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/CfPlatformSslContextProvider.class */
public class CfPlatformSslContextProvider extends AbstractX509SslContextProvider {
    private static final String SECURITY_PROVIDER_CLASS_NAME = "org.cloudfoundry.security.CloudFoundryContainerProvider";
    static final String CERT_ENVIRONMENT_VARIABLE = "CF_INSTANCE_CERT";
    static final String KEY_ENVIRONMENT_VARIABLE = "CF_INSTANCE_KEY";
    private final Cache cache = new Cache();
    private boolean securityProviderAvailable = Try.of(() -> {
        return Class.forName(SECURITY_PROVIDER_CLASS_NAME);
    }).isSuccess();

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CfPlatformSslContextProvider.class);
    private static final Long CACHE_DURATION_IN_MILLIS = Long.valueOf(Duration.ofMinutes(5).toMillis());

    @Nonnull
    private static Function<String, String> environmentVariableReader = System::getenv;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/CfPlatformSslContextProvider$Cache.class */
    public static final class Cache {
        private long cacheDuration = CfPlatformSslContextProvider.CACHE_DURATION_IN_MILLIS.longValue();
        private SSLContext context = null;
        private Long cachedAt = null;
        private Long lastModified = null;

        Cache() {
        }

        @Nonnull
        Option<SSLContext> get() {
            return (this.context == null || this.cacheDuration <= 0 || this.cachedAt.longValue() + this.cacheDuration < System.currentTimeMillis()) ? Option.none() : Option.some(this.context);
        }

        synchronized void set(SSLContext sSLContext) {
            this.context = sSLContext;
            this.cachedAt = Long.valueOf(System.currentTimeMillis());
        }

        @Nullable
        SSLContext getLastCachedValue() {
            return this.context;
        }

        @Generated
        public void setCacheDuration(long j) {
            this.cacheDuration = j;
        }

        @Generated
        public Long getLastModified() {
            return this.lastModified;
        }

        @Generated
        public void setLastModified(Long l) {
            this.lastModified = l;
        }
    }

    @Nonnull
    public Try<SSLContext> tryGetContext() {
        Try<SSLContext> tryLoadInstanceIdentity;
        Option<SSLContext> option = this.cache.get();
        if (option.isDefined()) {
            return option.toTry();
        }
        if (this.securityProviderAvailable) {
            log.trace("Using security provider from buildpack to establish SSL context with platform provided identity.");
            tryLoadInstanceIdentity = Try.of(SSLContext::getDefault);
        } else {
            tryLoadInstanceIdentity = tryLoadInstanceIdentity();
        }
        Cache cache = this.cache;
        Objects.requireNonNull(cache);
        tryLoadInstanceIdentity.onSuccess(cache::set);
        return tryLoadInstanceIdentity;
    }

    static void setEnvironmentVariableReader(@Nonnull Function<String, String> function) {
        environmentVariableReader = function;
    }

    private static Option<String> getEnvironmentVariable(String str) {
        return Option.of(environmentVariableReader.apply(str));
    }

    @Nonnull
    Try<SSLContext> tryLoadInstanceIdentity() {
        Option<String> environmentVariable = getEnvironmentVariable(CERT_ENVIRONMENT_VARIABLE);
        Option<String> environmentVariable2 = getEnvironmentVariable(KEY_ENVIRONMENT_VARIABLE);
        if (environmentVariable.isEmpty() || environmentVariable2.isEmpty()) {
            log.warn("Unable to create SSL context from environment: Environment variables {} and/or {} are not defined.\nProceeding without platform provided identity certificate. mTLS connections to other systems may not be possible.", CERT_ENVIRONMENT_VARIABLE, KEY_ENVIRONMENT_VARIABLE);
            return Try.of(SSLContext::getDefault);
        }
        Try filter = environmentVariable.toTry().map(File::new).filter((v0) -> {
            return v0.exists();
        }, () -> {
            return new CloudPlatformException(String.format("Failed to read the %s file declared in %s: File does not exist.", "certificate", CERT_ENVIRONMENT_VARIABLE));
        });
        Try filter2 = environmentVariable2.toTry().map(File::new).filter((v0) -> {
            return v0.exists();
        }, () -> {
            return new CloudPlatformException(String.format("Failed to read the %s file declared in %s: File does not exist.", "key", KEY_ENVIRONMENT_VARIABLE));
        });
        if (filter.isFailure()) {
            return Try.failure(filter.getCause());
        }
        if (filter2.isFailure()) {
            return Try.failure(filter2.getCause());
        }
        File file = (File) filter.get();
        if (this.cache.getLastModified() != null && file.lastModified() == this.cache.getLastModified().longValue()) {
            log.trace("Certificate file is unchanged, using cached SSL context.");
            return Try.success(this.cache.getLastCachedValue());
        }
        this.cache.setLastModified(Long.valueOf(file.lastModified()));
        try {
            BufferedReader newBufferedReader = Files.newBufferedReader(file.toPath(), StandardCharsets.UTF_8);
            try {
                BufferedReader newBufferedReader2 = Files.newBufferedReader(((File) filter2.get()).toPath(), StandardCharsets.UTF_8);
                try {
                    Try<SSLContext> tryGetContext = tryGetContext(newBufferedReader, newBufferedReader2);
                    if (newBufferedReader2 != null) {
                        newBufferedReader2.close();
                    }
                    if (newBufferedReader != null) {
                        newBufferedReader.close();
                    }
                    return tryGetContext;
                } catch (Throwable th) {
                    if (newBufferedReader2 != null) {
                        try {
                            newBufferedReader2.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            return Try.failure(new CloudPlatformException("Should not happen: Instance identity certificate files were removed while reading.", e));
        }
    }

    void setCacheDuration(@Nonnull Duration duration) {
        this.cache.setCacheDuration(duration.toMillis());
    }

    @Generated
    Cache getCache() {
        return this.cache;
    }

    @Generated
    public void setSecurityProviderAvailable(boolean z) {
        this.securityProviderAvailable = z;
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1713303029:
                if (implMethodName.equals("getDefault")) {
                    z = true;
                    break;
                }
                break;
            case -1614089184:
                if (implMethodName.equals("lambda$new$80fc4430$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/connectivity/CfPlatformSslContextProvider") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/Class;")) {
                    return () -> {
                        return Class.forName(SECURITY_PROVIDER_CLASS_NAME);
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("javax/net/ssl/SSLContext") && serializedLambda.getImplMethodSignature().equals("()Ljavax/net/ssl/SSLContext;")) {
                    return SSLContext::getDefault;
                }
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("javax/net/ssl/SSLContext") && serializedLambda.getImplMethodSignature().equals("()Ljavax/net/ssl/SSLContext;")) {
                    return SSLContext::getDefault;
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
